Guidelines For Creating Secure And Effective Passwords

Guidelines For Creating Secure And Effective Passwords

Even if you're going the extra mile to keep your private data safe with logins that more than one device, passwords are still the weakest link in the chain. The problem is that passwords can easily be cracked by specialized software that uses digital brute force to make thousands of guesses per second.

Common mistakes with passwords and what should be done about them

If you run a business, you can't assume that every employee takes security seriously, which means you need to implement password policies. These policies need to be applied to everything so you don't expose your POS systems, routers, and wireless networks to anyone with access to them.

Most employees tend to create passwords out of common phrases, which are incredibly easy to steal when they're not encrypted. Some employees even share their login credentials with colleagues, considerably weakening their network’s security and leaving them prone to social engineering attacks. Other frequent mistakes include using the same password for every account or not changing them often.

What is an effective password made of?

In theory, the longer and more complex a password is, the harder it is to breach. Strong passwords are so effective that even a supercomputer would take more than an average human lifetime to crack it. Use the following guidelines to make sure your passwords are secure and effective:

1. Only you should know your password.

Never let your friends or colleagues know your password, no matter how close they are to you. Friends can accidentally give your password to just anyone, or they may abuse the credentials you provided.

2. Use a different password for each system.

The first thing any hacker does after confirming a stolen password is to try using it for other accounts. Imagine what could happen if that same password were used in all the systems your company uses!

3. Think of passwords that you can easily remember, but difficult for others to guess.

Depending on the system or website, security experts highly recommend creating a "passphrase" instead of a basic password. Phrases should have more than 20 characters and consist of random words, lower and upper case letters, special characters, and numbers. A good example is "Fi$hCadillac#56ChocolateYellow".

4. Avoid using dictionary words.

If the elements of your password can be found in a dictionary, the possibility of someone else figuring it out is high. Some clever cybercriminals make use of software that guesses passwords by randomly pairing words from the dictionary.

5. Hide your passwords well.

There are countless stories of people writing down their passwords on sticky notes that sit inches away from their screen. For example in 2017, an article about the infamous nuclear false alarm in Hawaii mistakenly published a photo with a security system's password in it.. If you want to write down your passwords, make sure the note is hidden so that no one will find it.

6. Stay away from "phishing" scams.

Never type your password into a website unless you are absolutely certain it is secure. Sometimes sites look legitimate, but are really "phishing" attacks which will send your information to a hacker if you allow it. If you are skeptical, manually log in to the site by typing the URL on the browser window.

7. Log in from secure devices only.

Even if you have the strongest password in the universe, it will be useless if you forget to log out from a public computer (especially in cyber cafes) or if a person can see what you're typing. Hackers have become more creative at stealing data by injecting "keyboard loggers" into seemingly harmless software. This malware will record every keystroke , including passwords, and send it to a cybercriminal. In this case, keep your anti-virus software and operating system updated so they can deal with these threats.

We limited this article to tips that are within the realm of possibility for IT amateurs. But if you're running a business, especially one in a regulated industry, you need several layers of cybersecurity that receive 24/7 attention. Digitel provides that for a flat monthly fee and we'd love to tell you more about it. Give us a call today!